Here is teh clarification from Hasse:
Thanks all,
John I am just playing with prefix and access-lists. I was inspiried
by some WB I am doing.
I did find this exercise in Narbiks free workbook (Soup to nuts) its
available via Micronicstraning
I was week on prefix-list before but not now :)
Then I did extend this exercises and was thinking, how far can a ACL
or Extended ACL take me.
Can I solve this with one liner ACL standard or extended. Pushing the
limits. I was playing around.
Daniel and Sarad thanks.
Topology
R1---------------R2
Router 2 recive following from R1 via RIP, I have filter those routes
with different prefix-lists,
Ex, only permit A network that are not subnetted.
ip prefix-list 0.0.0.0/1 ge 8 le 8
Ex, only permit B network that are not subnetted.
ip prefix-list 128.0.0.0/2 ge 16 le 16
Ex, only permit C network that are not subnetted.
ip prefix-list 192.0.0.0/3 ge 24 le 24
Ex, only permit A network that are or are not subnetted.
ip prefix-list 0.0.0.0/1 ge 8 le 16
etc..
On 6/25/12, Marko Milivojevic <markom_at_ipexpert.com> wrote:
> Btw. here's the very 1st response to the original question. He got it
> 100% spot-on:
>
> ------------------------------8<------------------------------
> Hi Hasse,
>
> You are trying to match every class C address with /24 mask right?
> This is not possible with a standard ACL. If you used extended ACL you
> could match mask like this.
>
> access-list 100 permit 192.0.0.0 31.255.255.255 host 255.255.255.0
>
> However I think this is only supported in BGP.
> ------------------------------8<------------------------------
>
> Really... that was it. There was no further clarification needed
> there. Everyone but you understood it. See the pattern?
>
> --
> Marko Milivojevic - CCIE #18427 (SP R&S)
> Senior CCIE Instructor - IPexpert
>
> On Mon, Jun 25, 2012 at 1:20 PM, john matijevic
> <john.matijevic_at_gmail.com> wrote:
>> Marko,
>>
>> I disagree with you the question was very vague, you said you
>> understood I asked you to clarify and you could not, finally, Don
>> explained to me what his original intent was. But you answer that you
>> understood his requirements, and I asked you state what he was asking
>> and you could not provide.
>>
>> I prove you wrong again in other post VTP version 3 can be on exam,
>> you said its not on exam, I asked you to provide reference you could
>> not.
>>
>> Here is original question:
>> Can I do this with an acl or extended cal, I have a Brain Freeze
>> Thanks.
>>
>> R2#show run | sec rip
>> router rip
>> version 2
>> network 10.0.0.0
>> distribute-list prefix 1 in FastEthernet0/0
>> no auto-summary
>>
>> R2#show run | sec prefix-list
>> ip prefix-list 1 seq 5 permit 192.0.0.0/3 ge 24 le 24
>>
>> R2#show ip route rip
>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19, FastEthernet0/0
>>
>> if I am using a standard ACL
>>
>>
>> Standard ACL
>> R2#show run | sec rip
>> router rip
>> version 2
>> network 10.0.0.0
>> distribute-list 1 in FastEthernet0/0
>> no auto-summary
>>
>> R2#show run | sec access-list
>> access-list 1 permit 192.0.0.0 31.255.255.0
>>
>> R2#show ip ro rip
>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 193.1.1.0/25 is subnetted, 1 subnets
>> R 193.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>> 194.1.1.0/26 is subnetted, 1 subnets
>> R 194.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
>>
>>
>> Please try to be nice and friendly im here to help the team.
>>
>> Regards,
>> John
>>
>> On 6/25/12, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>>> Below original question was output from various commands you didn't
>>> bother to look at.
>>>
>>> --
>>> Marko Milivojevic - CCIE #18427 (SP R&S)
>>> Senior CCIE Instructor - IPexpert
>>>
>>> On Mon, Jun 25, 2012 at 1:01 PM, john matijevic
>>> <john.matijevic_at_gmail.com> wrote:
>>>> Marc,
>>>>
>>>> I will repost original question and please identify in what way I was
>>>> argumentitive or rude.
>>>>
>>>> {
>>>> Good Afternoon,
>>>>
>>>> "Can I do this with an acl or extended cal, I have a Brain Freeze
>>>> Thanks."
>>>>
>>>> What is this?
>>>>
>>>> Very vague, can you please be more specific and describe exactly the
>>>> issue or problem that you are trying to solve?
>>>>
>>>> Please post network diagram and configurations.
>>>> }
>>>>
>>>> Please try and be professional we are here to help not to be rude.
>>>>
>>>>
>>>> Regards,
>>>> John
>>>>
>>>> On 6/25/12, Ronnie Angello <ronnie.angello_at_gmail.com> wrote:
>>>>> Don't mess with Marko! That's my brother from another mother...
>>>>>
>>>>> http://t.co/ggHcHwFO
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> On Jun 25, 2012, at 11:47 AM, marc abel <marcabel_at_gmail.com> wrote:
>>>>>
>>>>>> Here you are again arguing (and being very rude) to a CCIE again
>>>>>> (Marko
>>>>>> is
>>>>>> actually a 2X CCIE). The only reason you find the question vague is
>>>>>> because
>>>>>> you lack the knowledge to understand the question. Marko was taking
>>>>>> the
>>>>>> time to try to explain it and more detail to you and you act
>>>>>> ungrateful
>>>>>> and
>>>>>> tell him to think before he responds.
>>>>>>
>>>>>> You should probably consider going to a CCNP study group until you
>>>>>> have
>>>>>> a
>>>>>> stronger foundation to discuss these topics, or at the very least
>>>>>> learn
>>>>>> to
>>>>>> be respectful and admit that it is YOU that needs more explanation
>>>>>> and
>>>>>> to
>>>>>> ask for it nicely.
>>>>>>
>>>>>> -Marc Abel
>>>>>> CCIE #35470
>>>>>>
>>>>>> On Sun, Jun 24, 2012 at 6:50 PM, john matijevic
>>>>>> <john.matijevic_at_gmail.com>wrote:
>>>>>>
>>>>>>> Marko,
>>>>>>>
>>>>>>> Hasse was very vague with his question, since you understood what
>>>>>>> his
>>>>>>> question is I asked you to state it. Then Hasse responded with
>>>>>>> clarification.
>>>>>>> Please think before you respond.
>>>>>>>
>>>>>>> Regards
>>>>>>> John
>>>>>>>
>>>>>>>
>>>>>>> On 6/24/12, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>>>>>>>> He's asking can he filter a specific prefix using an extended
>>>>>>>> access
>>>>>>>> list, instead of using a prefix list. He gives an example where he
>>>>>>>> tried with a prefix-list and the example where he tried an acl,
>>>>>>>> with
>>>>>>>> obviously different results. Someone very quickly pointed out the
>>>>>>>> difference, with the link to the Cisco's and INE's blog describing
>>>>>>>> the
>>>>>>>> particular use-case. Case closed, moving on. Don't overthink the
>>>>>>>> questions.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Marko Milivojevic - CCIE #18427 (SP R&S)
>>>>>>>> Senior CCIE Instructor - IPexpert
>>>>>>>>
>>>>>>>> On Sun, Jun 24, 2012 at 3:29 PM, john matijevic
>>>>>>>> <john.matijevic_at_gmail.com> wrote:
>>>>>>>>> Good Afternoon Marko,
>>>>>>>>>
>>>>>>>>> Please enlighten us.
>>>>>>>>>
>>>>>>>>> Here is the question:
>>>>>>>>>
>>>>>>>>> Can I do this with an acl or extended cal,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Please clarify what this is? I don't understand what he is asking?
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> John
>>>>>>>>> On 6/24/12, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>>>>>>>>>> He did post the config snippets. I think the question was very
>>>>>>>>>> clear.
>>>>>>>>>> So were the answers :-)
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Marko Milivojevic - CCIE #18427 (SP R&S)
>>>>>>>>>> Senior CCIE Instructor - IPexpert
>>>>>>>>>>
>>>>>>>>>> On Sun, Jun 24, 2012 at 12:27 PM, john matijevic
>>>>>>>>>> <john.matijevic_at_gmail.com> wrote:
>>>>>>>>>>> Good Afternoon,
>>>>>>>>>>>
>>>>>>>>>>> "Can I do this with an acl or extended cal, I have a Brain
>>>>>>>>>>> Freeze
>>>>>>>>>>> Thanks."
>>>>>>>>>>>
>>>>>>>>>>> What is this?
>>>>>>>>>>>
>>>>>>>>>>> Very vague, can you please be more specific and describe exactly
>>>>>>>>>>> the
>>>>>>>>>>> issue or problem that you are trying to solve?
>>>>>>>>>>>
>>>>>>>>>>> Please post network diagram and configurations.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> John
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 6/24/12, Sarad <tosara_at_gmail.com> wrote:
>>>>>>>>>>>> Hi Hasse,
>>>>>>>>>>>>
>>>>>>>>>>>> We can use a extended access-list in BGP to replace a
>>>>>>>>>>>> prefix-list,
>>>>>>> But
>>>>>>>>>>>> in
>>>>>>>>>>>> IGP it appears differently as extended accesslist represent the
>>>>>>>>>>>> route
>>>>>>>>>>>> source and subnet (not subnet and subnet mask)
>>>>>>>>>>>>
>>>>>>>>>>>> Have a look at this
>>>>>>>>>>>>
>>>>>>> http://blog.internetworkexpert.com/2008/01/04/using-extended-access-lists-in-a-distribute-list/
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers
>>>>>>>>>>>> Sara
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Sun, Jun 24, 2012 at 11:12 PM, <daniel.dib_at_reaper.nu> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Hasse,
>>>>>>>>>>>>>
>>>>>>>>>>>>> You are trying to match every class C address with /24 mask
>>>>>>>>>>>>> right?
>>>>>>>>>>>>> This
>>>>>>>>>>>>> is
>>>>>>>>>>>>> not possible with a standard ACL. If you used extended ACL you
>>>>>>>>>>>>> could
>>>>>>>>>>>>> match
>>>>>>>>>>>>> mask like this.
>>>>>>>>>>>>>
>>>>>>>>>>>>> access-list 100 permit 192.0.0.0 31.255.255.255 host
>>>>>>>>>>>>> 255.255.255.0
>>>>>>>>>>>>>
>>>>>>>>>>>>> However I think this is only supported in BGP.
>>>>>>>>>>>>>
>>>>>>>>>>>>> /Daniel
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sun, 24 Jun 2012 14:02:01 +0200, Hasse wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Can I do this with an acl or extended cal, I have a Brain
>>>>>>>>>>>>>> Freeze
>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> R2#show run | sec rip
>>>>>>>>>>>>>> router rip
>>>>>>>>>>>>>> version 2
>>>>>>>>>>>>>> network 10.0.0.0
>>>>>>>>>>>>>> distribute-list prefix 1 in FastEthernet0/0
>>>>>>>>>>>>>> no auto-summary
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> R2#show run | sec prefix-list
>>>>>>>>>>>>>> ip prefix-list 1 seq 5 permit 192.0.0.0/3 ge 24 le 24
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> R2#show ip route rip
>>>>>>>>>>>>>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:19,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> if I am using a standard ACL
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Standard ACL
>>>>>>>>>>>>>> R2#show run | sec rip
>>>>>>>>>>>>>> router rip
>>>>>>>>>>>>>> version 2
>>>>>>>>>>>>>> network 10.0.0.0
>>>>>>>>>>>>>> distribute-list 1 in FastEthernet0/0
>>>>>>>>>>>>>> no auto-summary
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> R2#show run | sec access-list
>>>>>>>>>>>>>> access-list 1 permit 192.0.0.0 31.255.255.0
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> R2#show ip ro rip
>>>>>>>>>>>>>> R 223.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> R 200.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> 193.1.1.0/25 is subnetted, 1 subnets
>>>>>>>>>>>>>> R 193.1.1.0 [120/1] via 10.1.12.1, 00:00:07,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> R 192.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> R 195.1.1.0/24 [120/1] via 10.1.12.1, 00:00:07,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>> 194.1.1.0/26 is subnetted, 1 subnets
>>>>>>>>>>>>>> R 194.1.1.0 [120/1] via 10.1.12.1, 00:00:07,
>>>>>>>>>>>>>> FastEthernet0/0
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ______________________________**______________________________**
>>>>>>>>>>>>>> ___________
>>>>>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>>>>>> http://www.groupstudy.com/**list/CCIELab.html<
>>>>>>> http://www.groupstudy.com/list/CCIELab.html>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>>>>
>>>>>>>>>>>>> ______________________________**______________________________**
>>>>>>>>>>>>> ___________
>>>>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>>>>> http://www.groupstudy.com/**
>>>>>>>>>>>>> list/CCIELab.html
>>>>>>>>>>>>> <http://www.groupstudy.com/list/CCIELab.html>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>> _______________________________________________________________________
>>>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>> _______________________________________________________________________
>>>>>>>>>>> Subscription information may be found at:
>>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>
>>>>>>>
>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>
>>>>>>> _______________________________________________________________________
>>>>>>> Subscription information may be found at:
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Marc Abel
>>>>>> CCIE #35470
>>>>>> (Routing and Switching)
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Jun 25 2012 - 13:35:11 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART